Privacy Policy
How Conflux handles personal and financial planning data.
This Privacy Policy explains how Conflux collects, uses, stores, and shares information when you use our beta financial planning application, website, and related services.
Last updated: June 19, 2026
Table of Contents
Information We Collect
We collect information you provide directly, information generated through your use of the application, and limited technical information needed to operate and secure the service.
- Account information: name, email address, authentication identifiers, profile settings, beta access status, and account preferences.
- Planning information: account labels, account roles, balances, recurring bills, planned spending, transaction categories, matching decisions, calendar settings, reports, and other financial planning inputs you create.
- Connected financial data: when you connect an account through Plaid, we may receive account names, account type, masked account identifiers, institution information, balances, transactions, transaction dates, descriptions, merchant information, categories, and related metadata.
- Uploaded financial data: if you import CSV files or similar datasets, we process the fields you upload, which may include dates, amounts, descriptions, merchants, categories, account labels, and running balances.
- Technical and usage data: device, browser, log, diagnostic, feedback, and security event information used to maintain reliability, troubleshoot errors, and protect the application.
Financial Data Access
Financial account connections are handled through Plaid. When you choose to connect a financial institution, Plaid Link presents the connection flow and consent experience.Conflux does not ask you to provide online banking usernames or passwords directly to us.
After you authorize a connection, Plaid provides us with tokenized access to permitted account data so the application can retrieve transaction history, current or available balances, account metadata, and related financial data needed to power your calendar, reports, matching tools, and planning guidance.
You may disconnect financial accounts or request deletion of connected-account data by contacting us at support@useconflux.com. Disconnecting a financial account may limit or disable bank sync features.
How We Use Information
We use information to provide, secure, improve, and support Conflux.
- Authenticate users and manage account access through Supabase Auth.
- Import, categorize, and display transactions and balances.
- Build cash-flow calendars, reports, recurring item views, and planning guidance.
- Match actual transactions to planned or recurring items.
- Provide account settings, support, feedback handling, and beta administration.
- Detect errors, monitor reliability, prevent abuse, and protect the service.
- Comply with legal, security, and operational obligations.
We do not use your personal or financial data to provide financial, legal, tax, or investment advice. Planning guidance is informational and intended to help you reason about timing.
Data Storage and Security
User data is stored in Supabase. The application is hosted on Vercel. We use administrative, technical, and organizational safeguards designed to protect personal and financial information against unauthorized access, loss, misuse, and alteration.
- Application traffic is served over HTTPS/TLS.
- Production data is stored in Supabase with access controls and database policies.
- Financial access tokens received through Plaid are stored in encrypted form.
- Secrets are stored in environment variables and are not committed to source code.
- Access to production systems is limited to personnel or service providers with a need to know.
- We monitor application errors, operational issues, and security-relevant events during beta.
No method of transmission or storage is completely secure. We work to use reasonable safeguards appropriate for an early-stage beta financial planning application, but we cannot guarantee absolute security.
Data Sharing
We do not sell user data.
We may share information with service providers that help us operate the application, including Supabase for authentication and database services, Plaid for financial account connectivity, Vercel for hosting, email or support providers, analytics or monitoring providers, and similar vendors acting on our behalf.
We may also disclose information if required by law, legal process, security obligations, protection of rights, fraud prevention, or in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
User Rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict certain processing of your personal information. You may also have the right to withdraw consent for connected financial account access.
- You can update certain account and planning data inside the application.
- You can disconnect bank sync or stop uploading financial data.
- You can request a copy, correction, or deletion of personal data by contacting support.
- You can opt out of non-essential communications where such controls are available.
We may need to verify your identity before processing certain requests. Some data may be retained where necessary for security, legal compliance, dispute resolution, or legitimate operational purposes.
Data Retention
We retain personal and financial planning data for as long as needed to provide the service, maintain your account, support beta operations, comply with legal obligations, resolve disputes, and enforce agreements.
Financial account data, imported transactions, reports, settings, and planning data are generally retained while your account remains active. Diagnostic logs and support records may be retained for a shorter or longer period depending on operational, security, or legal needs.
Data Deletion Requests
You may request account deletion by emailing support@useconflux.com. Please use the email address associated with your account so we can verify and process the request.
Deleted accounts and associated production data will be removed from production systems within 30 days after verification, unless we are required or permitted to retain certain information for legal, security, fraud prevention, backup, accounting, dispute resolution, or compliance purposes.
Data stored in backups or logs may persist for a limited period before it is deleted or overwritten according to provider backup and retention schedules.
Children's Privacy
Conflux is not intended for children under 13 years old, and we do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will take reasonable steps to delete it.
Contact Information
For privacy questions, data requests, deletion requests, or security concerns, contact us at support@useconflux.com.
You can also review our plain-language Data Safety page for beta-specific information about what data the application needs and how it is used.
Changes To This Policy
We may update this Privacy Policy as the application, legal requirements, or business practices change. If changes are material, we will take reasonable steps to notify users, such as updating the effective date, posting a notice in the application, or sending notice through account or support channels.
Your continued use of Conflux after an updated policy becomes effective means you acknowledge the updated policy to the extent permitted by law.